CVE-2013-3713

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.

Published: Jan 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-3713
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
opensuse / opensuse	13.1	13.1.x

http://lists.opensuse.org/opensuse-updates/2013-12/msg00117.html
https://bugzilla.novell.com/show_bug.cgi?id=843230

Vulnerability Database

290,278

CVE-2013-3713